Key-Based SSH Logins With PuTTY

Discussion in 'Installation/Configuration' started by steveomach3ww, Jan 27, 2007.

  1. steveomach3ww

    steveomach3ww New Member

    I have followed the how to 3 times now lol man ohhh man so much fun. when i get done and try to log in this is what i get

    Using username "XXXX".
    Server refused our key
    [email protected]'s password:

    anyone have any ideas on what this could be. here is a copy of the config file.

    # Package generated configuration file
    # See the sshd(8) manpage for details

    # What ports, IPs and protocols we listen for
    Port 22
    # Use these options to restrict which interfaces/protocols sshd will bind to
    #ListenAddress ::
    Protocol 2
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    #Privilege Separation is turned on for security
    UsePrivilegeSeparation yes

    # Lifetime and size of ephemeral version 1 server key
    KeyRegenerationInterval 3600
    ServerKeyBits 768

    # Logging
    SyslogFacility AUTH
    LogLevel INFO

    # Authentication:
    LoginGraceTime 30
    PermitRootLogin no
    StrictModes yes

    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile %h/.ssh/authorized_keys2

    # Don't read the user's ~/.rhosts and ~/.shosts files
    IgnoreRhosts yes
    # For this to work you will also need host keys in /etc/ssh_known_hosts
    RhostsRSAAuthentication no
    # similar for protocol version 2
    HostbasedAuthentication no
    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
    #IgnoreUserKnownHosts yes

    # To enable empty passwords, change to yes (NOT RECOMMENDED)
    PermitEmptyPasswords no

    # Change to yes to enable challenge-response passwords (beware issues with
    # some PAM modules and threads)
    ChallengeResponseAuthentication no

    # Change to no to disable tunnelled clear text passwords
    PasswordAuthentication no

    # Kerberos options
    #KerberosAuthentication no
    #KerberosGetAFSToken no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes

    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes

    X11Forwarding yes
    X11DisplayOffset 10
    PrintMotd no
    PrintLastLog yes
    TCPKeepAlive yes
    #UseLogin no

    #MaxStartups 10:30:60
    #Banner /etc/

    # Allow client to pass locale environment variables
    AcceptEnv LANG LC_*

    Subsystem sftp /usr/lib/openssh/sftp-server

    UsePAM no
  2. edge

    edge Active Member Moderator

    try to login with user XXXX and password XXXXX
    Did it not say this in the howto that you have read 3 times┬┐

    (note: XXXX = root and XXXXX is the password you have set for the root account)

    edit.. I see... you have set PermitRootLogin no.

    What howto did you use?
    Last edited: Jan 27, 2007
  3. steveomach3ww

    steveomach3ww New Member

    the same as what is in the title i just put XXXX in there instead of showing my username to my firewall. I produced the keys and put them into putty like it said and when i try to connect that is what i get. I put the key in to the ./ssh folder witht the right privalges. That is what i am at :)
  4. falko

    falko Super Moderator ISPConfig Developer

    Did you follow the tutorial as close as possible?
    Did you have any problems in any of the steps shown in the tutorial?
  5. steveomach3ww

    steveomach3ww New Member

    Greetings. Tommorow i will follow the how to again and when i have a problem i will post it back here as to which step i had a problem in. Thank You all for you great support :)
  6. steveomach3ww

    steveomach3ww New Member

    Ok i started it again and i have put the key in the server and loaded the file in putty and wheni go to connect i get this Server refused our key and then it gives me the option to use a password instead to log in.
  7. falko

    falko Super Moderator ISPConfig Developer

    Do you use the correct username to log in?
  8. steveomach3ww

    steveomach3ww New Member

    yes. I use the correct user name cause when the paraphase doesn't go through it lets me use my password instad and logs in ok.
  9. falko

    falko Super Moderator ISPConfig Developer

    Did you use the correct settings in PuTTY's key generator? Did you save the correct public key on the server? Is the formatting of ~/.ssh/authorized_keys2 correct (I hope you didn't copy the one from the tutorial)?
  10. LaKing

    LaKing New Member

    With ssh, on the linux-client side use the "-v -v -v" switch, and on the server config LogLevel DEBUG3 so you can debug on both sides.
  11. Rudika79

    Rudika79 New Member


    I tried this how-to approximately one year ago and I had similar problem. I found out my problem was the ssh key file formating was not good on ssh server.

    The proper formating for authorized_keys2:
    rsa-ssh jhglkjgljhgkjhgkjhgkjglglgufljlhljv,bvgvjhvlhlhvjhvljvllmjkv
    In first line need to start whit rsa-ssh and after space and after need your long generated code and you need to finish with linux formated enter!

    Another thing could be the problem you need check authorized_keys2 file permissions and owner. Maybe your user don't have right to read authorized_keys2 file.

    chown your_user_name authorized_keys2
    chmod 600 authorized_keys2

Share This Page